Apache-Session-LDAP
view release on metacpan or search on metacpan
lib/Apache/Session/Store/LDAP.pm view on Meta::CPAN
scope => 'base',
attrs => [ $self->{args}->{ldapAttributeContent} ],
);
$self->ldap->unbind() && delete $self->{ldap};
$self->logError($msg) if ( $msg->code );
eval {
$session->{serialized} = $msg->shift_entry()
->get_value( $self->{args}->{ldapAttributeContent} );
};
if ( !defined $session->{serialized} ) {
die "Object does not exist in data store";
}
}
sub remove {
my $self = shift;
my $session = shift;
$self->{args} = $session->{args};
$self->{args}->{ldapObjectClass} ||= 'applicationProcess';
$self->{args}->{ldapAttributeId} ||= 'cn';
$self->{args}->{ldapAttributeContent} ||= 'description';
$self->ldap->delete( $self->{args}->{ldapAttributeId} . "="
. $session->{data}->{_session_id} . ","
. $self->{args}->{ldapConfBase} );
$self->ldap->unbind() && delete $self->{ldap};
}
sub ldap {
my $self = shift;
return $self->{ldap} if ( $self->{ldap} );
# Parse servers configuration
my $useTls = 0;
my $tlsParam;
my @servers = ();
foreach my $server ( split /[\s,]+/, $self->{args}->{ldapServer} ) {
if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) {
$useTls = 1;
$server = $1;
$tlsParam = $2 || "";
}
else {
$useTls = 0;
}
push @servers, $server;
}
# Compatibility
my $caFile = $self->{args}->{ldapCAFile} || $self->{args}->{caFile};
my $caPath = $self->{args}->{ldapCAPath} || $self->{args}->{caPath};
# Connect
my $ldap = Net::LDAP->new(
\@servers,
onerror => undef,
verify => $self->{args}->{ldapVerify} || "require",
( $caFile ? ( cafile => $caFile ) : () ),
( $caPath ? ( capath => $caPath ) : () ),
(
$self->{args}->{ldapPort}
? ( port => $self->{args}->{ldapPort} )
: ()
),
) or die( 'Unable to connect to ' . join( ' ', @servers ) . ': ' . $@ );
# Check SSL error for old Net::LDAP versions
if ( $Net::LDAP::VERSION < '0.64' ) {
# CentOS7 has a bug in which IO::Socket::SSL will return a broken
# socket when certificate validation fails. Net::LDAP does not catch
# it, and the process ends up crashing.
# As a precaution, make sure the underlying socket is doing fine:
if ( $ldap->socket->isa('IO::Socket::SSL')
and $ldap->socket->errstr < 0 )
{
die( "SSL connection error: " . $ldap->socket->errstr );
}
}
# Start TLS if needed
if ($useTls) {
my %h = split( /[&=]/, $tlsParam );
$h{verify} ||= ( $self->{args}->{ldapVerify} || "require" );
$h{cafile} ||= $caFile if ($caFile);
$h{capath} ||= $caPath if ($caPath);
my $start_tls = $ldap->start_tls(%h);
if ( $start_tls->code ) {
$self->logError($start_tls);
return;
}
}
# Bind with credentials
my $bind = $ldap->bind( $self->{args}->{ldapBindDN},
password => $self->{args}->{ldapBindPassword} );
if ( $bind->code ) {
$self->logError($bind);
return;
}
$self->{ldap} = $ldap;
return $ldap;
}
sub logError {
my $self = shift;
my $ldap_operation = shift;
die "LDAP error " . $ldap_operation->code . ": " . $ldap_operation->error;
}
1;
=pod
=head1 NAME
Apache::Session::Store::LDAP - Use LDAP to store persistent objects
=head1 SYNOPSIS
use Apache::Session::Store::LDAP;
my $store = new Apache::Session::Store::LDAP;
$store->insert($ref);
$store->update($ref);
$store->materialize($ref);
$store->remove($ref);
=head1 DESCRIPTION
This module fulfills the storage interface of Apache::Session. The serialized
objects are stored in an LDAP directory file using the Net::LDAP Perl module.
=head1 OPTIONS
This module requires one argument in the usual Apache::Session style. The
keys ldapServer, ldapBase, ldapBindDN, ldapBindPassword are required. The keys
ldapPort, ldapObjectClass, ldapAttributeId, ldapAttributeContent are optional.
Example:
tie %s, 'Apache::Session::LDAP', undef,
{
( run in 1.911 second using v1.01-cache-2.11-cpan-39bf76dae61 )